GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
395 advisories
Filter by severity
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email...
High
Unreviewed
CVE-2023-50455
was published
Dec 10, 2023
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size...
High
Unreviewed
CVE-2023-5379
was published
Dec 13, 2023
Allocation of Resources Without Limits in Keycloak
High
CVE-2023-6563
was published
for
org.keycloak:keycloak-model-jpa
(Maven)
Dec 14, 2023
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation...
High
Unreviewed
CVE-2023-3171
was published
Dec 27, 2023
Ion Java StackOverflow vulnerability
High
CVE-2024-21634
was published
for
com.amazon.ion:ion-java
(Maven)
Jan 3, 2024
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper...
High
Unreviewed
CVE-2024-21604
was published
Jan 12, 2024
In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of...
High
Unreviewed
CVE-2023-52427
was published
Feb 11, 2024
For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time...
High
Unreviewed
CVE-2024-21771
was published
Feb 14, 2024
Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers...
High
Unreviewed
CVE-2023-50387
was published
Feb 14, 2024
When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP)...
High
Unreviewed
CVE-2024-23979
was published
Feb 14, 2024
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS...
High
Unreviewed
CVE-2024-20321
was published
Feb 29, 2024
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5...
High
Unreviewed
CVE-2024-26461
was published
Feb 29, 2024
Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged...
High
Unreviewed
CVE-2020-11862
was published
Mar 14, 2024
VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via...
High
Unreviewed
CVE-2024-26577
was published
Mar 27, 2024
An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1....
High
Unreviewed
CVE-2023-43768
was published
Mar 27, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High
CVE-2024-22189
was published
for
github.com/quic-go/quic-go
(Go)
Apr 2, 2024
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
High
GHSA-w8gf-g2vq-j2f4
was published
for
amphp/http-client
(Composer)
Apr 3, 2024
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to...
High
Unreviewed
CVE-2024-27316
was published
Apr 4, 2024
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a...
High
Unreviewed
CVE-2024-3382
was published
Apr 10, 2024
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar...
High
Unreviewed
CVE-2024-1666
was published
Apr 16, 2024
An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can...
High
Unreviewed
CVE-2024-4140
was published
May 2, 2024
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
High
CVE-2024-35231
was published
for
rack-contrib
(RubyGems)
May 28, 2024
TYPO3 Denial of Service in Frontend Record Registration
High
GHSA-hjx5-v9xg-7h25
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Flooding Server with Thumbnail files
High
CVE-2024-32871
was published
for
pimcore/pimcore
(Composer)
Jun 4, 2024
is_closing_session() allows users to create arbitrary tcp dbus connections
High
Unreviewed
CVE-2022-28655
was published
Jun 5, 2024
ProTip!
Advisories are also available from the
GraphQL API